CVE-2009-4664 (GCVE-0-2009-4664)

Vulnerability from cvelistv5 – Published: 2010-03-03 20:00 – Updated: 2024-08-07 07:08

Summary

Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://blog.fwbuilder.org/2009/09/firewall-builde…	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=524588	x_refsource_CONFIRM
	http://secunia.com/advisories/36809	third-party-advisoryx_refsource_SECUNIA
	http://osvdb.org/58247	vdb-entryx_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/36468	vdb-entryx_refsource_BID
	http://www.fwbuilder.org/docs/firewall_builder_re…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/0389	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:08:38.000Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2010-0157",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=524588"
          },
          {
            "name": "36809",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36809"
          },
          {
            "name": "58247",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/58247"
          },
          {
            "name": "firewallbuilder-temp-symlink(53392)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53392"
          },
          {
            "name": "36468",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36468"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7"
          },
          {
            "name": "ADV-2010-0389",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0389"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FEDORA-2010-0157",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=524588"
        },
        {
          "name": "36809",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36809"
        },
        {
          "name": "58247",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/58247"
        },
        {
          "name": "firewallbuilder-temp-symlink(53392)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53392"
        },
        {
          "name": "36468",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36468"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7"
        },
        {
          "name": "ADV-2010-0389",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0389"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4664",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2010-0157",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html"
            },
            {
              "name": "http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html",
              "refsource": "CONFIRM",
              "url": "http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=524588",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=524588"
            },
            {
              "name": "36809",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36809"
            },
            {
              "name": "58247",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/58247"
            },
            {
              "name": "firewallbuilder-temp-symlink(53392)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53392"
            },
            {
              "name": "36468",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36468"
            },
            {
              "name": "http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7",
              "refsource": "CONFIRM",
              "url": "http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7"
            },
            {
              "name": "ADV-2010-0389",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0389"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4664",
    "datePublished": "2010-03-03T20:00:00",
    "dateReserved": "2010-03-03T00:00:00",
    "dateUpdated": "2024-08-07T07:08:38.000Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fwbuilder:firewall_builder:3.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCA0E55C-59B4-4F95-A32A-19926086DA62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fwbuilder:firewall_builder:3.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA2B9082-8241-4466-91F0-E3E63EBEC0A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fwbuilder:firewall_builder:3.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DFB6F34-3BCE-4C34-8403-6EAB356F8141\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"155AD4FB-E527-4103-BCEF-801B653DEA37\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script.\"}, {\"lang\": \"es\", \"value\": \"Firewall Builder v3.0.4, v3.0.5, y v3.0.6, cuando se ejecuta sobre linux, permite a usuarios locales obtener privilegios a trav\\u00e9s de un ataque de enlace simb\\u00f3lico sobre un archivo temporal no especificado que es creado por la secuencia de comandos del iptables.\"}]",
      "id": "CVE-2009-4664",
      "lastModified": "2024-11-21T01:10:10.177",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:N/I:P/A:P\", \"baseScore\": 3.3, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.4, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2010-03-03T20:30:00.650",
      "references": "[{\"url\": \"http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/58247\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/36809\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/36468\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0389\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=524588\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/53392\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/58247\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/36809\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/36468\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0389\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=524588\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/53392\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-59\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-4664\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-03-03T20:30:00.650\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script.\"},{\"lang\":\"es\",\"value\":\"Firewall Builder v3.0.4, v3.0.5, y v3.0.6, cuando se ejecuta sobre linux, permite a usuarios locales obtener privilegios a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre un archivo temporal no especificado que es creado por la secuencia de comandos del iptables.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:N/I:P/A:P\",\"baseScore\":3.3,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.4,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fwbuilder:firewall_builder:3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCA0E55C-59B4-4F95-A32A-19926086DA62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fwbuilder:firewall_builder:3.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA2B9082-8241-4466-91F0-E3E63EBEC0A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fwbuilder:firewall_builder:3.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DFB6F34-3BCE-4C34-8403-6EAB356F8141\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"155AD4FB-E527-4103-BCEF-801B653DEA37\"}]}]}],\"references\":[{\"url\":\"http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/58247\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/36809\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/36468\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0389\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=524588\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/53392\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/58247\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/36809\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/36468\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0389\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=524588\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/53392\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-MM9X-PR4P-52P6

Vulnerability from github – Published: 2022-05-02 03:56 – Updated: 2022-05-02 03:56

Details

Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-4664"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-03-03T20:30:00Z",
    "severity": "LOW"
  },
  "details": "Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script.",
  "id": "GHSA-mm9x-pr4p-52p6",
  "modified": "2022-05-02T03:56:58Z",
  "published": "2022-05-02T03:56:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4664"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=524588"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53392"
    },
    {
      "type": "WEB",
      "url": "http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/58247"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36809"
    },
    {
      "type": "WEB",
      "url": "http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36468"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0389"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201003-0011

Vulnerability from variot - Updated: 2023-12-18 11:25

Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script. Firewall Builder creates temporary files in an insecure manner. An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files or to execute arbitrary code with elevated privileges. Firewall Builder 3.0.4, 3.0.5, and 3.0.6 are vulnerable; other versions may also be affected. ----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)

If not, then implement it through the most reliable vulnerability intelligence source on the market.

Implement it through Secunia.

For more information visit: http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com

TITLE: Firewall Builder Insecure Temporary Files

SECUNIA ADVISORY ID: SA36809

VERIFY ADVISORY: http://secunia.com/advisories/36809/

DESCRIPTION: A security issue has been reported in Firewall Builder, which can be exploited by malicious, local users to perform certain actions with escalated privileges. This can be exploited to e.g. overwrite arbitrary files via symlink attacks.

Note: Only scripts setting iptable's static routing configuration are affected.

The security issue is reported in versions 3.0.4, 3.0.5, and 3.0.6.

SOLUTION: Update to version 3.0.7.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Background

Firewall Builder is a GUI for easy management of multiple firewall platforms.

Workaround

There is no known workaround at this time.

Resolution

All Firewall Builder users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-firewall/fwbuilder-3.0.7"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since March 09, 2010. It is likely that your system is already no longer affected by this issue.

References

[ 1 ] CVE-2008-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4956 [ 2 ] CVE-2009-4664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4664

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201201-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------

Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/

TITLE: Fedora update for fwbuilder and libfwbuilder

SECUNIA ADVISORY ID: SA38585

VERIFY ADVISORY: http://secunia.com/advisories/38585/

DESCRIPTION: Fedora has issued an update for fwbuilder and libfwbuilder.

For more information: SA36809

SOLUTION: Apply updated packages using the yum utility ("yum update fwbuilder libfwbuilder")

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201003-0011",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "firewall builder",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "fwbuilder",
        "version": "3.0.4"
      },
      {
        "model": "firewall builder",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "fwbuilder",
        "version": "3.0.5"
      },
      {
        "model": "firewall builder",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fwbuilder",
        "version": "3.0.6"
      },
      {
        "model": "firewall builder",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fwbuilder",
        "version": "and  3.0.6"
      },
      {
        "model": "kernel",
        "scope": null,
        "trust": 0.8,
        "vendor": "linux",
        "version": null
      },
      {
        "model": "firewall builder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netcitadel",
        "version": "3.0.6"
      },
      {
        "model": "firewall builder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netcitadel",
        "version": "3.0.5"
      },
      {
        "model": "firewall builder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netcitadel",
        "version": "3.0.4"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "firewall builder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "netcitadel",
        "version": "3.0.7"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "36468"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003670"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4664"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-033"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:fwbuilder:firewall_builder:3.0.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fwbuilder:firewall_builder:3.0.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fwbuilder:firewall_builder:3.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-4664"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NetCitadel",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-033"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-4664",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.4,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 3.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2009-4664",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.4,
            "id": "VHN-42110",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-4664",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201003-033",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-42110",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42110"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003670"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4664"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-033"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script. Firewall Builder creates temporary files in an insecure manner. \nAn attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. \nSuccessfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files or to execute arbitrary code with elevated privileges. \nFirewall Builder 3.0.4, 3.0.5, and 3.0.6 are vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nFirewall Builder Insecure Temporary Files\n\nSECUNIA ADVISORY ID:\nSA36809\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36809/\n\nDESCRIPTION:\nA security issue has been reported in Firewall Builder, which can be\nexploited by malicious, local users to perform certain actions with\nescalated privileges. This\ncan be exploited to e.g. overwrite arbitrary files via symlink\nattacks. \n\nNote: Only scripts setting iptable\u0027s static routing configuration are\naffected. \n\nThe security issue is reported in versions 3.0.4, 3.0.5, and 3.0.6. \n\nSOLUTION:\nUpdate to version 3.0.7. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nBackground\n==========\n\nFirewall Builder is a GUI for easy management of multiple firewall\nplatforms. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Firewall Builder users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-firewall/fwbuilder-3.0.7\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\navailable since March 09, 2010. It is likely that your system is\nalready no longer affected by this issue. \n\nReferences\n==========\n\n[ 1 ] CVE-2008-4956\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4956\n[ 2 ] CVE-2009-4664\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4664\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201201-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\n\n\nSecunia integrated with Microsoft WSUS \nhttp://secunia.com/blog/71/\n\n\n\n----------------------------------------------------------------------\n\nTITLE:\nFedora update for fwbuilder and libfwbuilder\n\nSECUNIA ADVISORY ID:\nSA38585\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/38585/\n\nDESCRIPTION:\nFedora has issued an update for fwbuilder and libfwbuilder. \n\nFor more information:\nSA36809\n\nSOLUTION:\nApply updated packages using the yum utility (\"yum update fwbuilder\nlibfwbuilder\")",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-4664"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003670"
      },
      {
        "db": "BID",
        "id": "36468"
      },
      {
        "db": "VULHUB",
        "id": "VHN-42110"
      },
      {
        "db": "PACKETSTORM",
        "id": "81499"
      },
      {
        "db": "PACKETSTORM",
        "id": "108991"
      },
      {
        "db": "PACKETSTORM",
        "id": "86386"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-4664",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "36468",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "36809",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "58247",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0389",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003670",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-033",
        "trust": 0.7
      },
      {
        "db": "FEDORA",
        "id": "FEDORA-2010-0157",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "53392",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-42110",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "81499",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "108991",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "38585",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "86386",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42110"
      },
      {
        "db": "BID",
        "id": "36468"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003670"
      },
      {
        "db": "PACKETSTORM",
        "id": "81499"
      },
      {
        "db": "PACKETSTORM",
        "id": "108991"
      },
      {
        "db": "PACKETSTORM",
        "id": "86386"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4664"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-033"
      }
    ]
  },
  "id": "VAR-201003-0011",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42110"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:25:55.438000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Firewall Builder Release Notes",
        "trust": 0.8,
        "url": "http://www.fwbuilder.org/4.0/docs/firewall_builder_release_notes.html#3.0.7"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://jp.redhat.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003670"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-59",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42110"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003670"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4664"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-february/035112.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/36468"
      },
      {
        "trust": 1.7,
        "url": "http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=524588"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/58247"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/36809"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/0389"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53392"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4664"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4664"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/53392"
      },
      {
        "trust": 0.3,
        "url": "http://www.fwbuilder.org/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/36809/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4664"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4664"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201201-11.xml"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4956"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4956"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/blog/71/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-february/035113.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/38585/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42110"
      },
      {
        "db": "BID",
        "id": "36468"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003670"
      },
      {
        "db": "PACKETSTORM",
        "id": "81499"
      },
      {
        "db": "PACKETSTORM",
        "id": "108991"
      },
      {
        "db": "PACKETSTORM",
        "id": "86386"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4664"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-033"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-42110"
      },
      {
        "db": "BID",
        "id": "36468"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003670"
      },
      {
        "db": "PACKETSTORM",
        "id": "81499"
      },
      {
        "db": "PACKETSTORM",
        "id": "108991"
      },
      {
        "db": "PACKETSTORM",
        "id": "86386"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4664"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-033"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-03-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-42110"
      },
      {
        "date": "2009-09-21T00:00:00",
        "db": "BID",
        "id": "36468"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-003670"
      },
      {
        "date": "2009-09-21T14:52:16",
        "db": "PACKETSTORM",
        "id": "81499"
      },
      {
        "date": "2012-01-24T04:15:19",
        "db": "PACKETSTORM",
        "id": "108991"
      },
      {
        "date": "2010-02-16T17:06:59",
        "db": "PACKETSTORM",
        "id": "86386"
      },
      {
        "date": "2010-03-03T20:30:00.650000",
        "db": "NVD",
        "id": "CVE-2009-4664"
      },
      {
        "date": "2010-03-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201003-033"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-42110"
      },
      {
        "date": "2015-04-13T21:49:00",
        "db": "BID",
        "id": "36468"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-003670"
      },
      {
        "date": "2017-08-17T01:31:42.087000",
        "db": "NVD",
        "id": "CVE-2009-4664"
      },
      {
        "date": "2010-03-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201003-033"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "36468"
      },
      {
        "db": "PACKETSTORM",
        "id": "81499"
      },
      {
        "db": "PACKETSTORM",
        "id": "86386"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-033"
      }
    ],
    "trust": 1.1
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Firewall Builder Vulnerability gained in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003670"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "post link",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-033"
      }
    ],
    "trust": 0.6
  }
}

GSD-2009-4664

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script.

Aliases

CVE-2009-4664

Aliases

CVE-2009-4664

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-4664",
    "description": "Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script.",
    "id": "GSD-2009-4664",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-4664.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-4664"
      ],
      "details": "Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script.",
      "id": "GSD-2009-4664",
      "modified": "2023-12-13T01:19:45.967699Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-4664",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "FEDORA-2010-0157",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html"
          },
          {
            "name": "http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html",
            "refsource": "CONFIRM",
            "url": "http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=524588",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=524588"
          },
          {
            "name": "36809",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36809"
          },
          {
            "name": "58247",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/58247"
          },
          {
            "name": "firewallbuilder-temp-symlink(53392)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53392"
          },
          {
            "name": "36468",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/36468"
          },
          {
            "name": "http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7",
            "refsource": "CONFIRM",
            "url": "http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7"
          },
          {
            "name": "ADV-2010-0389",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0389"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:fwbuilder:firewall_builder:3.0.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fwbuilder:firewall_builder:3.0.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fwbuilder:firewall_builder:3.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4664"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-59"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36809",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/36809"
            },
            {
              "name": "58247",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/58247"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=524588",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=524588"
            },
            {
              "name": "http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7"
            },
            {
              "name": "http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html"
            },
            {
              "name": "36468",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/36468"
            },
            {
              "name": "FEDORA-2010-0157",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html"
            },
            {
              "name": "ADV-2010-0389",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0389"
            },
            {
              "name": "firewallbuilder-temp-symlink(53392)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53392"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-17T01:31Z",
      "publishedDate": "2010-03-03T20:30Z"
    }
  }
}

FKIE_CVE-2009-4664

Vulnerability from fkie_nvd - Published: 2010-03-03 20:30 - Updated: 2025-04-11 00:51

Severity ?

Summary

Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script.

References

URL	Tags
cve@mitre.org	http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html	Vendor Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html
cve@mitre.org	http://osvdb.org/58247
cve@mitre.org	http://secunia.com/advisories/36809	Vendor Advisory
cve@mitre.org	http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7
cve@mitre.org	http://www.securityfocus.com/bid/36468
cve@mitre.org	http://www.vupen.com/english/advisories/2010/0389
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=524588
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/53392
af854a3a-2127-422b-91ae-364da2661108	http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/58247
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36809	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36468
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0389
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=524588
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/53392

Impacted products

Vendor	Product	Version
fwbuilder	firewall_builder	3.0.4
fwbuilder	firewall_builder	3.0.5
fwbuilder	firewall_builder	3.0.6
linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fwbuilder:firewall_builder:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA0E55C-59B4-4F95-A32A-19926086DA62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fwbuilder:firewall_builder:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA2B9082-8241-4466-91F0-E3E63EBEC0A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fwbuilder:firewall_builder:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DFB6F34-3BCE-4C34-8403-6EAB356F8141",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script."
    },
    {
      "lang": "es",
      "value": "Firewall Builder v3.0.4, v3.0.5, y v3.0.6, cuando se ejecuta sobre linux, permite a usuarios locales obtener privilegios a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre un archivo temporal no especificado que es creado por la secuencia de comandos del iptables."
    }
  ],
  "id": "CVE-2009-4664",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-03-03T20:30:00.650",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/58247"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36809"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/36468"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/0389"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=524588"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/58247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36809"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36468"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=524588"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53392"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-4664 (GCVE-0-2009-4664)

GHSA-MM9X-PR4P-52P6

VAR-201003-0011

Background

Workaround

Resolution

References

Availability

Concerns?

License

GSD-2009-4664

FKIE_CVE-2009-4664

Tags

Sightings

Nomenclature